Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-15540
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an malicious user to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal.
Agentejo Cockpit -
NA
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
Yealink Voip Phone 28.2.0.128.0.0.0
NA
CVE-2014-9337
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks vi...
Mikiurl Wordpress Eklentisi Project Mikiurl Wordpress Eklentisi
NA
CVE-2012-0253
Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife prior to 5.0.13 allow remote malicious users to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) th...
Demandmedia Pluck Sitelife
8.8
CVSSv3
CVE-2018-15539
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
Agentejo Cockpit -
NA
CVE-2012-0993
Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote malicious users to execute arbitrary PHP code via the viewer_size_image_saved cookie.
Zenphoto Zenphoto 1.4.2
NA
CVE-2012-0994
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
Zenphoto Zenphoto 1.4.2
NA
CVE-2014-4727
Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware prior to 140916 allows remote malicious users to inject arbitrary web script or HTML via the hostname in a DHCP request.
Tp-link Tl-wdr4300 Firmware
Tp-link Tl-wdr4300 -
NA
CVE-2014-4728
The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware prior to 140916 allows remote malicious users to cause a denial of service (crash) via a long header in a GET request.
Tp-link Tl-wdr4300 Firmware
Tp-link Tl-wdr4300 -
9.1
CVSSv3
CVE-2018-14916
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
Loytec Lgate-902 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »